Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1602 vulnerabilities by ImageMagick

    CVE-2026-61870 (GCVE-0-2026-61870)

    Vulnerability from nvd – Published: 2026-07-11 13:01 – Updated: 2026-07-11 13:01
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder
    Summary
    ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service.
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:09.995Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-m596-67p7-69wh)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-via-viff-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61870",
        "datePublished": "2026-07-11T13:01:09.995Z",
        "dateReserved": "2026-07-10T21:54:26.760Z",
        "dateUpdated": "2026-07-11T13:01:09.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61861 (GCVE-0-2026-61861)

    Vulnerability from nvd – Published: 2026-07-11 13:01 – Updated: 2026-07-11 13:01
    VLAI
    Title
    ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption
    Summary
    ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    RigelYoung
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "RigelYoung"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:09.306Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-qvxh-prvr-85w2)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvxh-prvr-85w2"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-use-after-free-in-formatmagickcaption"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61861",
        "datePublished": "2026-07-11T13:01:09.306Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-11T13:01:09.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61858 (GCVE-0-2026-61858)

    Vulnerability from nvd – Published: 2026-07-11 13:01 – Updated: 2026-07-11 13:01
    VLAI
    Title
    ImageMagick before 7.1.2-26 Policy Bypass via APNG encoder
    Summary
    ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process.
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    rexpository
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "rexpository"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:08.621Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-v3j6-27vc-7pw2)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v3j6-27vc-7pw2"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Policy Bypass via APNG encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-policy-bypass-via-apng-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Policy Bypass via APNG encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61858",
        "datePublished": "2026-07-11T13:01:08.621Z",
        "dateReserved": "2026-07-10T21:53:55.768Z",
        "dateUpdated": "2026-07-11T13:01:08.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61857 (GCVE-0-2026-61857)

    Vulnerability from nvd – Published: 2026-07-11 13:01 – Updated: 2026-07-11 13:01
    VLAI
    Title
    ImageMagick before 7.1.2-26 Heap Use-After-Free via XMP
    Summary
    ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    rexpository
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "rexpository"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-252",
                  "description": "Unchecked Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:07.926Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-qh5g-q395-cx4j)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh5g-q395-cx4j"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Heap Use-After-Free via XMP",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-heap-use-after-free-via-xmp"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Heap Use-After-Free via XMP",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61857",
        "datePublished": "2026-07-11T13:01:07.926Z",
        "dateReserved": "2026-07-10T21:53:55.768Z",
        "dateUpdated": "2026-07-11T13:01:07.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61465 (GCVE-0-2026-61465)

    Vulnerability from nvd – Published: 2026-07-11 13:01 – Updated: 2026-07-11 13:01
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Allocation Policy Bypass
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of service.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    rexpository
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "rexpository"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:07.209Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-rvhp-75f6-9jqh)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rvhp-75f6-9jqh"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Allocation Policy Bypass",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-allocation-policy-bypass"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Allocation Policy Bypass",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61465",
        "datePublished": "2026-07-11T13:01:07.209Z",
        "dateReserved": "2026-07-09T14:07:55.625Z",
        "dateUpdated": "2026-07-11T13:01:07.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56372 (GCVE-0-2026-56372)

    Vulnerability from nvd – Published: 2026-07-11 13:00 – Updated: 2026-07-11 13:00
    VLAI
    Title
    ImageMagick - Heap Buffer Overflow Read via Unrecognized Magnify Method
    Summary
    ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-19 (semver)
    Unaffected: 7.1.2-19 (semver)
    Create a notification for this product.
    Date Public
    2026-04-13 00:00
    Credits
    e1abrador
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-19",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-19",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "e1abrador"
            }
          ],
          "datePublic": "2026-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:00:58.423Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-8vfj-q2cp-5m5j)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8vfj-q2cp-5m5j"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Heap Buffer Overflow Read via Unrecognized Magnify Method",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-read-via-unrecognized-magnify-method"
            }
          ],
          "title": "ImageMagick - Heap Buffer Overflow Read via Unrecognized Magnify Method",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56372",
        "datePublished": "2026-07-11T13:00:58.423Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-07-11T13:00:58.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56373 (GCVE-0-2026-56373)

    Vulnerability from nvd – Published: 2026-07-10 13:57 – Updated: 2026-07-10 15:06
    VLAI
    Title
    ImageMagick - Use-After-Free Write in PDB Decoder
    Summary
    ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-15 (semver)
    Unaffected: 7.1.2-15 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-40 (semver)
    Unaffected: 6.9.13-40 (semver)
    Create a notification for this product.
    Date Public
    2026-02-23 00:00
    Credits
    zerojackyi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56373",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:04:44.577179Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T15:06:42.233Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-15",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-15",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-40",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-40",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-15",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-40",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zerojackyi"
            }
          ],
          "datePublic": "2026-02-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T13:57:58.981Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-3j4x-rwrx-xxj9)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3j4x-rwrx-xxj9"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Use-After-Free Write in PDB Decoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-use-after-free-write-in-pdb-decoder"
            }
          ],
          "title": "ImageMagick - Use-After-Free Write in PDB Decoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56373",
        "datePublished": "2026-07-10T13:57:58.981Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-07-10T15:06:42.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56366 (GCVE-0-2026-56366)

    Vulnerability from nvd – Published: 2026-07-10 13:57 – Updated: 2026-07-10 13:57
    VLAI
    Title
    ImageMagick - Memory Leak in META Reader APP1JPEG Error Path
    Summary
    ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-18 (semver)
    Unaffected: 7.1.2-18 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-43 (semver)
    Unaffected: 6.9.13-43 (semver)
    Create a notification for this product.
    Date Public
    2026-03-24 00:00
    Credits
    unbengable12
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-18",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-43",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-43",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-43",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "unbengable12"
            }
          ],
          "datePublic": "2026-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T13:57:58.303Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-9r56-3gjq-hqf7)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9r56-3gjq-hqf7"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Memory Leak in META Reader APP1JPEG Error Path",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-meta-reader-app1jpeg-error-path"
            }
          ],
          "title": "ImageMagick - Memory Leak in META Reader APP1JPEG Error Path",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56366",
        "datePublished": "2026-07-10T13:57:58.303Z",
        "dateReserved": "2026-06-21T02:05:21.919Z",
        "dateUpdated": "2026-07-10T13:57:58.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56374 (GCVE-0-2026-56374)

    Vulnerability from nvd – Published: 2026-07-08 13:49 – Updated: 2026-07-08 15:46
    VLAI
    Title
    ImageMagick - Heap Buffer Overflow in FTXT Encoder via format Parameter
    Summary
    ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-19 (semver)
    Unaffected: 7.1.2-19 (semver)
    Create a notification for this product.
    Date Public
    2026-04-13 00:00
    Credits
    unbengable12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56374",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T15:46:45.904836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T15:46:51.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-19",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-19",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "unbengable12"
            }
          ],
          "datePublic": "2026-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T13:49:04.868Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-w54j-7wpm-crhj)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w54j-7wpm-crhj"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Heap Buffer Overflow in FTXT Encoder via format Parameter",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-in-ftxt-encoder-via-format-parameter"
            }
          ],
          "title": "ImageMagick - Heap Buffer Overflow in FTXT Encoder via format Parameter",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56374",
        "datePublished": "2026-07-08T13:49:04.868Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-07-08T15:46:51.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56362 (GCVE-0-2026-56362)

    Vulnerability from nvd – Published: 2026-07-08 13:49 – Updated: 2026-07-08 17:08
    VLAI
    Title
    ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization
    Summary
    ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-15 (semver)
    Unaffected: 7.1.2-15 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-40 (semver)
    Unaffected: 6.9.13-40 (semver)
    Create a notification for this product.
    Date Public
    2026-02-23 00:00
    Credits
    ylwango613
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56362",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T16:41:35.114834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T17:08:28.947Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-15",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-15",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-40",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-40",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-15",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-40",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ylwango613"
            }
          ],
          "datePublic": "2026-02-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T13:49:04.142Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-gq5v-qf8q-fp77)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gq5v-qf8q-fp77"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-read-in-getpixelindex-via-openpixelcache-metadata-desynchronization"
            }
          ],
          "title": "ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56362",
        "datePublished": "2026-07-08T13:49:04.142Z",
        "dateReserved": "2026-06-20T21:16:53.711Z",
        "dateUpdated": "2026-07-08T17:08:28.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55628 (GCVE-0-2026-55628)

    Vulnerability from nvd – Published: 2026-07-01 18:16 – Updated: 2026-07-01 18:34
    VLAI
    Title
    ImageMagick: Policy Bypass in concatenate operation due to missing checks
    Summary
    In versions prior to 7.1.2-26he, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    • CWE-862 - Missing Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 7.1.2-26
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55628",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T18:34:24.518609Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T18:34:34.320Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions prior to 7.1.2-26he, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:16:23.076Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7"
            }
          ],
          "source": {
            "advisory": "GHSA-82mp-vp5c-9pf7",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Policy Bypass in concatenate operation due to missing checks"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55628",
        "datePublished": "2026-07-01T18:16:23.076Z",
        "dateReserved": "2026-06-16T23:52:12.055Z",
        "dateUpdated": "2026-07-01T18:34:34.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55597 (GCVE-0-2026-55597)

    Vulnerability from nvd – Published: 2026-07-01 19:03 – Updated: 2026-07-01 19:21
    VLAI
    Title
    ImageMagick: Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 7.1.2-26
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55597",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:20:56.190744Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:21:38.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-682",
                  "description": "CWE-682: Incorrect Calculation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T19:03:29.911Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4"
            }
          ],
          "source": {
            "advisory": "GHSA-c4v7-w88g-m6c4",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55597",
        "datePublished": "2026-07-01T19:03:29.911Z",
        "dateReserved": "2026-06-16T23:18:03.170Z",
        "dateUpdated": "2026-07-01T19:21:38.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55595 (GCVE-0-2026-55595)

    Vulnerability from nvd – Published: 2026-07-01 19:00 – Updated: 2026-07-02 12:46
    VLAI
    Title
    ImageMagick: Infinite Loop in connected-components when providing invalid arguments
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55595",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:46:31.787688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:46:43.676Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T19:00:31.074Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h"
            }
          ],
          "source": {
            "advisory": "GHSA-qhmf-7fc4-8q3h",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Infinite Loop in connected-components when providing invalid arguments"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55595",
        "datePublished": "2026-07-01T19:00:31.074Z",
        "dateReserved": "2026-06-16T23:18:03.170Z",
        "dateUpdated": "2026-07-02T12:46:43.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55594 (GCVE-0-2026-55594)

    Vulnerability from nvd – Published: 2026-07-01 18:58 – Updated: 2026-07-02 14:38
    VLAI
    Title
    ImageMagick: Stack Overflow in MVG decoder due to missing depth check.
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-674 - Uncontrolled Recursion
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55594",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T14:37:56.304875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T14:38:08.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674: Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:58:46.046Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mx48-2qq3-23hf"
            }
          ],
          "source": {
            "advisory": "GHSA-mx48-2qq3-23hf",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Stack Overflow in MVG decoder due to missing depth check."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55594",
        "datePublished": "2026-07-01T18:58:46.046Z",
        "dateReserved": "2026-06-16T23:18:03.170Z",
        "dateUpdated": "2026-07-02T14:38:08.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55577 (GCVE-0-2026-55577)

    Vulnerability from nvd – Published: 2026-07-01 18:56 – Updated: 2026-07-01 19:24
    VLAI
    Title
    ImageMagick: Heap Buffer Overflow in ImageMagick MVG decoder
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    • CWE-755 - Improper Handling of Exceptional Conditions
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55577",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:24:24.858753Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:24:45.452Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-755",
                  "description": "CWE-755: Improper Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:56:28.768Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wx47-rm3x-jx6p"
            }
          ],
          "source": {
            "advisory": "GHSA-wx47-rm3x-jx6p",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Heap Buffer Overflow in ImageMagick MVG decoder"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55577",
        "datePublished": "2026-07-01T18:56:28.768Z",
        "dateReserved": "2026-06-16T23:11:20.215Z",
        "dateUpdated": "2026-07-01T19:24:45.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55510 (GCVE-0-2026-55510)

    Vulnerability from nvd – Published: 2026-07-01 18:53 – Updated: 2026-07-01 19:21
    VLAI
    Title
    ImageMagick: Use-After-Free in crafted 8BIM when identifying an image
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55510",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:21:31.578490Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:21:37.355Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:55:04.567Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-ff5c-8x9r-8qcw"
            }
          ],
          "source": {
            "advisory": "GHSA-ff5c-8x9r-8qcw",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Use-After-Free in crafted 8BIM when identifying an image"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55510",
        "datePublished": "2026-07-01T18:53:58.567Z",
        "dateReserved": "2026-06-16T22:44:22.283Z",
        "dateUpdated": "2026-07-01T19:21:37.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53467 (GCVE-0-2026-53467)

    Vulnerability from nvd – Published: 2026-07-01 18:50 – Updated: 2026-07-01 19:27
    VLAI
    Title
    ImageMagick: Information Disclosure in MNG decoder because allocated memory is left unchanged
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of Uninitialized Resource
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 6.9.13-51
    Affected: >= 7.0.1-0, < 7.1.2-26
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53467",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:26:55.818775Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:27:13.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosure vulnerability because part of the pixels are left unchanged. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "CWE-908: Use of Uninitialized Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:50:56.821Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8g53-9m3c-69xg"
            }
          ],
          "source": {
            "advisory": "GHSA-8g53-9m3c-69xg",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Information Disclosure in MNG decoder because allocated memory is left unchanged"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-53467",
        "datePublished": "2026-07-01T18:50:56.821Z",
        "dateReserved": "2026-06-09T16:31:21.495Z",
        "dateUpdated": "2026-07-01T19:27:13.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53466 (GCVE-0-2026-53466)

    Vulnerability from nvd – Published: 2026-07-01 18:20 – Updated: 2026-07-01 18:52
    VLAI
    Title
    ImageMagick: Heap Buffer Over-Read in XCF decoder due to integer conversion overflow
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-681 - Incorrect Conversion between Numeric Types
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 6.9.13-51
    Affected: >= 7.0.1-0, < 7.1.2-26
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T18:50:58.614982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T18:52:17.717Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-681",
                  "description": "CWE-681: Incorrect Conversion between Numeric Types",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T18:20:44.416Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m"
            }
          ],
          "source": {
            "advisory": "GHSA-pjxj-pchx-4c3m",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Heap Buffer Over-Read in XCF decoder due to integer conversion overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-53466",
        "datePublished": "2026-07-01T18:20:44.416Z",
        "dateReserved": "2026-06-09T16:31:21.495Z",
        "dateUpdated": "2026-07-01T18:52:17.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61870 (GCVE-0-2026-61870)

    Vulnerability from cvelistv5 – Published: 2026-07-11 13:01 – Updated: 2026-07-11 13:01
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder
    Summary
    ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service.
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:09.995Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-m596-67p7-69wh)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-leak-via-viff-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61870",
        "datePublished": "2026-07-11T13:01:09.995Z",
        "dateReserved": "2026-07-10T21:54:26.760Z",
        "dateUpdated": "2026-07-11T13:01:09.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61861 (GCVE-0-2026-61861)

    Vulnerability from cvelistv5 – Published: 2026-07-11 13:01 – Updated: 2026-07-11 13:01
    VLAI
    Title
    ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption
    Summary
    ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    RigelYoung
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "RigelYoung"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:09.306Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-qvxh-prvr-85w2)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvxh-prvr-85w2"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-use-after-free-in-formatmagickcaption"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61861",
        "datePublished": "2026-07-11T13:01:09.306Z",
        "dateReserved": "2026-07-10T21:53:55.769Z",
        "dateUpdated": "2026-07-11T13:01:09.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61858 (GCVE-0-2026-61858)

    Vulnerability from cvelistv5 – Published: 2026-07-11 13:01 – Updated: 2026-07-11 13:01
    VLAI
    Title
    ImageMagick before 7.1.2-26 Policy Bypass via APNG encoder
    Summary
    ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process.
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    rexpository
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "rexpository"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:08.621Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-v3j6-27vc-7pw2)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v3j6-27vc-7pw2"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Policy Bypass via APNG encoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-policy-bypass-via-apng-encoder"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Policy Bypass via APNG encoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61858",
        "datePublished": "2026-07-11T13:01:08.621Z",
        "dateReserved": "2026-07-10T21:53:55.768Z",
        "dateUpdated": "2026-07-11T13:01:08.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61857 (GCVE-0-2026-61857)

    Vulnerability from cvelistv5 – Published: 2026-07-11 13:01 – Updated: 2026-07-11 13:01
    VLAI
    Title
    ImageMagick before 7.1.2-26 Heap Use-After-Free via XMP
    Summary
    ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    rexpository
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "rexpository"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-252",
                  "description": "Unchecked Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:07.926Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-qh5g-q395-cx4j)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh5g-q395-cx4j"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Heap Use-After-Free via XMP",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-heap-use-after-free-via-xmp"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Heap Use-After-Free via XMP",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61857",
        "datePublished": "2026-07-11T13:01:07.926Z",
        "dateReserved": "2026-07-10T21:53:55.768Z",
        "dateUpdated": "2026-07-11T13:01:07.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-61465 (GCVE-0-2026-61465)

    Vulnerability from cvelistv5 – Published: 2026-07-11 13:01 – Updated: 2026-07-11 13:01
    VLAI
    Title
    ImageMagick before 7.1.2-26 Memory Allocation Policy Bypass
    Summary
    ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of service.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-26 (semver)
    Unaffected: 7.1.2-26 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-51 (semver)
    Unaffected: 6.9.13-51 (semver)
    Create a notification for this product.
    Date Public
    2026-06-26 00:00
    Credits
    rexpository
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-26",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-51",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-26",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-51",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "rexpository"
            }
          ],
          "datePublic": "2026-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:01:07.209Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-rvhp-75f6-9jqh)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rvhp-75f6-9jqh"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick before 7.1.2-26 Memory Allocation Policy Bypass",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-before-26-memory-allocation-policy-bypass"
            }
          ],
          "title": "ImageMagick before 7.1.2-26 Memory Allocation Policy Bypass",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-61465",
        "datePublished": "2026-07-11T13:01:07.209Z",
        "dateReserved": "2026-07-09T14:07:55.625Z",
        "dateUpdated": "2026-07-11T13:01:07.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56372 (GCVE-0-2026-56372)

    Vulnerability from cvelistv5 – Published: 2026-07-11 13:00 – Updated: 2026-07-11 13:00
    VLAI
    Title
    ImageMagick - Heap Buffer Overflow Read via Unrecognized Magnify Method
    Summary
    ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-19 (semver)
    Unaffected: 7.1.2-19 (semver)
    Create a notification for this product.
    Date Public
    2026-04-13 00:00
    Credits
    e1abrador
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-19",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-19",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "e1abrador"
            }
          ],
          "datePublic": "2026-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-11T13:00:58.423Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-8vfj-q2cp-5m5j)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8vfj-q2cp-5m5j"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Heap Buffer Overflow Read via Unrecognized Magnify Method",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-read-via-unrecognized-magnify-method"
            }
          ],
          "title": "ImageMagick - Heap Buffer Overflow Read via Unrecognized Magnify Method",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56372",
        "datePublished": "2026-07-11T13:00:58.423Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-07-11T13:00:58.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56373 (GCVE-0-2026-56373)

    Vulnerability from cvelistv5 – Published: 2026-07-10 13:57 – Updated: 2026-07-10 15:06
    VLAI
    Title
    ImageMagick - Use-After-Free Write in PDB Decoder
    Summary
    ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-15 (semver)
    Unaffected: 7.1.2-15 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-40 (semver)
    Unaffected: 6.9.13-40 (semver)
    Create a notification for this product.
    Date Public
    2026-02-23 00:00
    Credits
    zerojackyi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56373",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T15:04:44.577179Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T15:06:42.233Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-15",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-15",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-40",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-40",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-15",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-40",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zerojackyi"
            }
          ],
          "datePublic": "2026-02-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T13:57:58.981Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-3j4x-rwrx-xxj9)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3j4x-rwrx-xxj9"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Use-After-Free Write in PDB Decoder",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-use-after-free-write-in-pdb-decoder"
            }
          ],
          "title": "ImageMagick - Use-After-Free Write in PDB Decoder",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56373",
        "datePublished": "2026-07-10T13:57:58.981Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-07-10T15:06:42.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56366 (GCVE-0-2026-56366)

    Vulnerability from cvelistv5 – Published: 2026-07-10 13:57 – Updated: 2026-07-10 13:57
    VLAI
    Title
    ImageMagick - Memory Leak in META Reader APP1JPEG Error Path
    Summary
    ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-18 (semver)
    Unaffected: 7.1.2-18 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-43 (semver)
    Unaffected: 6.9.13-43 (semver)
    Create a notification for this product.
    Date Public
    2026-03-24 00:00
    Credits
    unbengable12
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-18",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-43",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-43",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-43",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "unbengable12"
            }
          ],
          "datePublic": "2026-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T13:57:58.303Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-9r56-3gjq-hqf7)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9r56-3gjq-hqf7"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Memory Leak in META Reader APP1JPEG Error Path",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-meta-reader-app1jpeg-error-path"
            }
          ],
          "title": "ImageMagick - Memory Leak in META Reader APP1JPEG Error Path",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56366",
        "datePublished": "2026-07-10T13:57:58.303Z",
        "dateReserved": "2026-06-21T02:05:21.919Z",
        "dateUpdated": "2026-07-10T13:57:58.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56374 (GCVE-0-2026-56374)

    Vulnerability from cvelistv5 – Published: 2026-07-08 13:49 – Updated: 2026-07-08 15:46
    VLAI
    Title
    ImageMagick - Heap Buffer Overflow in FTXT Encoder via format Parameter
    Summary
    ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-19 (semver)
    Unaffected: 7.1.2-19 (semver)
    Create a notification for this product.
    Date Public
    2026-04-13 00:00
    Credits
    unbengable12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56374",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T15:46:45.904836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T15:46:51.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-19",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-19",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "unbengable12"
            }
          ],
          "datePublic": "2026-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T13:49:04.868Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-w54j-7wpm-crhj)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w54j-7wpm-crhj"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Heap Buffer Overflow in FTXT Encoder via format Parameter",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-in-ftxt-encoder-via-format-parameter"
            }
          ],
          "title": "ImageMagick - Heap Buffer Overflow in FTXT Encoder via format Parameter",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56374",
        "datePublished": "2026-07-08T13:49:04.868Z",
        "dateReserved": "2026-06-21T02:05:21.920Z",
        "dateUpdated": "2026-07-08T15:46:51.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56362 (GCVE-0-2026-56362)

    Vulnerability from cvelistv5 – Published: 2026-07-08 13:49 – Updated: 2026-07-08 17:08
    VLAI
    Title
    ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization
    Summary
    ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: 0 , < 7.1.2-15 (semver)
    Unaffected: 7.1.2-15 (semver)
    Create a notification for this product.
    ImageMagick ImageMagick Affected: 0 , < 6.9.13-40 (semver)
    Unaffected: 6.9.13-40 (semver)
    Create a notification for this product.
    Date Public
    2026-02-23 00:00
    Credits
    ylwango613
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56362",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T16:41:35.114834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T17:08:28.947Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "7.1.2-15",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "7.1.2-15",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "lessThan": "6.9.13-40",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "6.9.13-40",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.2-15",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.9.13-40",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ylwango613"
            }
          ],
          "datePublic": "2026-02-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T13:49:04.142Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-gq5v-qf8q-fp77)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gq5v-qf8q-fp77"
            },
            {
              "name": "VulnCheck Advisory: ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-read-in-getpixelindex-via-openpixelcache-metadata-desynchronization"
            }
          ],
          "title": "ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56362",
        "datePublished": "2026-07-08T13:49:04.142Z",
        "dateReserved": "2026-06-20T21:16:53.711Z",
        "dateUpdated": "2026-07-08T17:08:28.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55597 (GCVE-0-2026-55597)

    Vulnerability from cvelistv5 – Published: 2026-07-01 19:03 – Updated: 2026-07-01 19:21
    VLAI
    Title
    ImageMagick: Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: < 7.1.2-26
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55597",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T19:20:56.190744Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T19:21:38.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.1.2-26"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-682",
                  "description": "CWE-682: Incorrect Calculation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T19:03:29.911Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c4v7-w88g-m6c4"
            }
          ],
          "source": {
            "advisory": "GHSA-c4v7-w88g-m6c4",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of arguments"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55597",
        "datePublished": "2026-07-01T19:03:29.911Z",
        "dateReserved": "2026-06-16T23:18:03.170Z",
        "dateUpdated": "2026-07-01T19:21:38.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55595 (GCVE-0-2026-55595)

    Vulnerability from cvelistv5 – Published: 2026-07-01 19:00 – Updated: 2026-07-02 12:46
    VLAI
    Title
    ImageMagick: Infinite Loop in connected-components when providing invalid arguments
    Summary
    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ImageMagick ImageMagick Affected: >= 7.0.1-0, < 7.1.2-26
    Affected: < 6.9.13-51
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55595",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:46:31.787688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:46:43.676Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageMagick",
              "vendor": "ImageMagick",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.1-0, \u003c 7.1.2-26"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.9.13-51"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T19:00:31.074Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qhmf-7fc4-8q3h"
            }
          ],
          "source": {
            "advisory": "GHSA-qhmf-7fc4-8q3h",
            "discovery": "UNKNOWN"
          },
          "title": "ImageMagick: Infinite Loop in connected-components when providing invalid arguments"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55595",
        "datePublished": "2026-07-01T19:00:31.074Z",
        "dateReserved": "2026-06-16T23:18:03.170Z",
        "dateUpdated": "2026-07-02T12:46:43.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }